fix: use of kustomize deprecated features

[erikgb]

This PR's main motivation is to make it easier to replace the long-deprecated kube-rbac-proxy image with similar functionality now available in controller-runtime. But since I noticed some use of deprecated kustomize features, I made some additional improvements.

Some of the proposed changes are based on the latest updates in kubebuilder (go/v4). I don't want to attempt migrating to kubebuilder go/v4 before #49 is merged (or closed) to avoid interference between PRs.

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign munnerz for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wallrj]

I expected this patch to change or be deleted, since it's what adds the kube-rbac-proxy sidecar:

• https://github.com/cert-manager/sample-external-issuer/blob/main/config/default/manager_auth_proxy_patch.yaml

Did you forget to commit something?

[erikgb]

I could extend the PR to include migration away from kube-rbac-proxy, but that will increase the number of changes significantly. But can still make sense. WDYT?

[wallrj]

Oh, I misunderstood your PR description.

But since I noticed some use of deprecated kustomize features, I made some additional improvements.

I thought you meant that you'd removed kube-rbac-proxy and additionally replaced some deprecated kustomize features.

Now I understand that this PR is ground work for a follow up PR which removes kube-rbac-proxy.

[wallrj]

Thanks @erikgb

Now I understand that this is ground work for the replacement of kube-rbac-proxy in a followup PR.

I could find the kubebuilder PRs for most of these changes, but some of the changes do not seem to be found upstream.

Please write a little more about how you generated this PR and highlight which parts are mechanical and which parts are hand crafted.

[wallrj]

Looks like this new file was renamed from the original certificate.yaml in kubernetes-sigs/kubebuilder#4400 👍

• ✨ (go/v4): feat/fix: enhance cert-manager integration for metrics endpoints (follow-up to PR #4243) kubernetes-sigs/kubebuilder#4400

[wallrj]

Reflects the upstream changes which were introduced in:

• ✨ (kustomize/v2) Remove deprecated syntax usage by replacing patchesStrategicMerge with patches kubernetes-sigs/kubebuilder#3374

[wallrj]

Why is this removed? It is still in the kubebuilder skaffolding AFAICS:

• https://github.com/kubernetes-sigs/kubebuilder/blob/18df53806e97f5ed41161edeb7607bf0f04b1d07/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go#L62-L64

[wallrj]

Why did these filenames change? Is it because the CRD name was changed in #42 and we forgot to re-run the kubebuilder crd generator tool?

If so, it really annoys me that issuer-lib prevents us from using the CRD name issuer and clusterissuer.

[erikgb]

Please write a little more about how you generated this PR and highlight which parts are mechanical and which parts are hand crafted.

Basically everything was had-crafted, but based on the content in https://github.com/kubernetes-sigs/kubebuilder/tree/master/testdata/project-v4. Do you want me to perform a full rescaffolding? Would that be easier to review?

[wallrj]

Do you want me to perform a full rescaffolding?

Maybe that would be cleaner.

The PR description says:

I don't want to attempt migrating to kubebuilder go/v4 before #49 is merged (or closed) to avoid interference between PRs

I vote to close that PR for the reasons given by Ash in his review.

This PR's main motivation is to make it easier to replace the long-deprecated kube-rbac-proxy image with similar functionality now available in controller-runtime

Update the PR description to explain how these changes makes it easier to accomplish that goal.

I really just want to understand the reasoning for this particular set of changes.
The PR title says "fix use of kustomize deprecated features"
Some of these changes do remove deprecated kustomize features.
Some changes (such as the removal of cainjection patches) seem like they are part of the rescaffolding.
Other changes (the removal of the varReference block) do not have any upstream counterpart, and I want to know why that change belongs in this PR (is it a deprecated kustomize feature?) and why it has not been changed in the kubebuilder project?